Password management has become a complex and unmanageable task for end users of systems (i.e., computers running several applications). In this security-conscious age of technology, the complexity of password management typically results in compromised security and lost productivity. Therefore, the focus of system login has shifted toward coordinating and integrating user authentication and sign-on functions for the multitude of different applications within a system.
One such tool that provides coordination and integration is known as single sign-on (SSO). SSO is a user authentication process that permits a user to enter one name and password in order to access multiple applications within a system. SSO, which is typically requested at the initiation of a network session, allows accessibility to all authorized applications (i.e., where the user has the proper access rights) upon authentication of the user. In doing so, SSO eliminates future authentication prompts when the user switches applications during a particular network session. Thus, SSO enables the user to provide a single set of authentication credentials that, if valid, establish a relationship that gives the user access to all authorized system resources.
More specifically, the user initiates an SSO logon session via a user agent (i.e., desktop browser, mobile device, etc.). When the user's authentication information is verified, SSO generates a master token to represent the user's authenticated session. The master token includes a unique ID by which the master token may be identified by the system. In addition, the master token is capable of keeping track of the various applications upon which the user requests access within the system. Typically, the master token refers to session information, such as the user ID of the user, for the length of time that a user is actively connected to the system (i.e., the session length), etc. Conventionally, the master token is passed to multiple applications participating in the SSO session to avoid the need for user authentication for each application.
SSO offers user convenience, but more importantly, increased security because SSO limits the number of times a user must enter sensitive information (i.e., password, user ID, credit card number, social security number, etc.) to gain access to multiple applications on the system. Additionally, the activity to verify the user's information for each requested application is transparent to the user. In other words, the user does not need to know how each application receives and checks authentication information before granting access to the user.